The key towards the future growth and security of cryptocurrency transactions

For the first time, the term “cryptocurrency” was applied to Bitcoin, which appeared in 2009. We have entered its second decade of existence and during this time many millions of users around the world have purchased and transacted with it. Early on, a significant part of the participants in the growing cryptocurrency market positioned bitcoin as an anonymous means of payment. This feature drew the attention of both law enforcement agencies and various criminal communities, for which the supposed anonymity of transactions was a new weapon to be used.

As a result of the sharp increase in the popularity of Bitcoin and other cryptocurrencies among scammers along with increasing AML (Anti-Money Laundering) regulations by governments and authorities, exchanges began to search for solutions to monitor and detect funds and addresses related to such criminal activity. To do this, they turned to solutions such as Coinfirm’s AML & Analytics Platform for Blockchain and cryptocurrencies.

What is AML compliance?

The phrase Anti-Money Laundering has been used since 1989, in the sense that we mean today. It has been fixed in official documents since the creation of the Financial Action Task Force (FATF) in Paris. Currently, this financial watchdog is interested in the sphere of virtual assets, and there is a special article on their website dedicated to cyber crimes related to money laundering through virtual currency. There you can also find recommendations on countering money laundering (FATF Standards). AML policy today includes a wide range of actions aimed at identifying participants in financial transactions, through the interaction of governments and various financial institutions. FATF currently consists of 37 member countries and 2 regional organizations representing most of the major financial centers in all parts of the world.

Initially, according to the terminology of the FATF organization, AML’s policy sounded somewhat different: AML CFT CWMDF — Anti-Money Laundering and Counter-Terrorist Financing and Counter-Weapons of Mass Destruction Financing. Often in official documents, the long abbreviation is shortened to the first three letters. The AML KYC solutions consists of several procedures, one of which is called KYC — (Know Your Customer). In general terms, the complex of KYC processes are one of several subsections of AML, and represents the general principle of operation of financial institutions, such as banks, exchanges, bookmakers, various investment funds, and so on. It provides for pre-identification of counterparties, transaction tracking, monitoring of suspicious activity, and some other operations that help reduce potential customer risks and prevent crimes. In official documentation, the concept of KYC appeared in 2016 in the United States, when the one of the US Treasury primary agencies FinCEN (Financial Crimes Enforcement Network) introduced formal KYC requirements.

There are three main components for implementing the KYC principle:

Customer Identification Program (CIP)

This is a set of requirements that, for example, for the United States are fixed in section 326 of the USA Patriot Act, but similar requirements are met by most countries in the world under the CIP. According to the user identification program, the client is required to provide the financial institution with at least: name, date of birth, address of residence and other personal data in accordance with the current legislation of the country.

Customer Due Diligence (CDD)

Customer Due Diligence information includes facts about the customer that allow the organization to assess level of risks that an unscrupulous customer may expose the company to. When implementing the CDD principle, you need to find out a wide list of data that will help you correctly characterize the client, predict the potential pattern of their actions, and based on the data obtained, make a conclusion about the security of cooperation with them.

Organizations must “know their customers” for a number of reasons, the main one is need to comply with the current laws of the country in which the organization operates. It is equally important to secure client’s finances by detecting threats in a timely manner. In this context, companies working with crypto assets are particularly vulnerable. Cryptocurrencies can provide a certain amount of anonymity for the funds obtained illegally, which means they can lead to major legal proceedings that will definitely “tarnish” the reputation of the institution.

International regulatory requirements force companies to act within the framework of a risk-based approach to CDD. The extent to which the customer needs to be thoroughly checked during Customer Due Diligence procedures depends on many factors, some of which will be discussed in the next sub-paragraph.

In General, when implementing the CDD method, financial institutions should know the following data:

who the client really is;

its location;

origin of income;

types of transactions;

estimated business model in terms of transaction types, dollar value and frequency of transactions;

expected method of payment.

The amount of information checked will vary from case to case, as many factors are taken into account when developing specific measures in relation to the client. According to the European classification, the standard risk group includes those who live permanently in the country, work stably or have another transparent source of income. For such clients, only the basic information that they provided is verified. The in-depth Due Diligence procedure is applied to clients from a high-risk group, which includes Ultimate Beneficial Owners (UBOs), who manage high-risk companies and structures. At the same time, private companies are considered to be more risky than state-owned structures. For this reason, an in-depth identity verification of the beneficial owners (i.e., CEOs, founders of trusts) and supervisors is carried out, along with the verification of the corporate entity.

Analysis of the activities of individuals identified as UBO is performed as part of the KYB — Know Your Business procedure, which applies primarily to corporate clients. For such companies, there are four steps of analysis:

Smart review of company vitals

The first step involves identifying and verifying data such as the registration number, company name, address, status and composition of the management staff. Some items may be added depending on the specific indicators used for Analytics.

Research of Ownership Structure

At this stage, legal entities or individuals are identified who either directly own the key blocks of shares, or use intermediaries for this purpose.

Identification of Ultimate Beneficial Owners

The third step involves determining the percentage ownership of the company’s shares. UBO can be considered a person who owns more than 25% of the total stake and has a key influence on the life of the company.

Verification of All Individuals With AML/KYC Tools

During the implementation of the final stage of the analysis of corporate clients, the study of all individuals marked in the report as UBO using AML/KYC methods is carried out.

There are three levels of Due Diligence verification:

Simplified Due Diligence (“SDD”)

The simplified procedure is applied to those companies and clients who fall into a low risk group, for example, if they operate with small transaction volumes and amounts.

Basic Customer Due Diligence (“CDD”)

This is a standard procedure that is implemented for all clients and allows you to assess the obvious risks associated with them.

Enhanced Due Diligence (“EDD”)

Clients with a high degree of risk are subject to in-depth verification. EDD should be performed if any risks are identified in the CDD results. The activities of clients from the high-risk group are carefully analyzed, and as a result, the possible consequences of cooperation are modeled.

The implementation of Due Diligence procedures are recommended before entering into a “business relationship” with the client. Even one-time transactions that do not involve long-term relationships may fall into the category of such relationships. In this case, it is better to focus on the current legislation, since an ambiguous interpretation can lead to “accidental” liability. As you know, ignorance of the law was no excuse.

Ongoing Monitoring

The third element of the KYC principle involves constant monitoring of customer transactions, since at any moment a seemingly respectable account may start performing suspicious actions, and they will need to be stopped in time.

The following actions can be designated as triggers for increased monitoring of the account and its owner as part of a risk reduction strategy:

spikes in activity

distribution of funds between multiple addresses

transfer of assets to another country

inclusion of individuals in the sanctions lists

adverse media mentions

These triggers and analysis can serve as a reason to submit relevant documents about suspicious account activity for more in-depth checks using visualizing and case management tools for example.

Returning to the Anti-Money Laundering policy, it should be noted that all related activities in the European segment are regulated by The EU’s 5th Anti-Money Laundering Directive (AMLD 5), which was published on June 19, 2018. The new directive expanded the scope of the procedure to include virtual platforms, e-wallet services, tax services, and art dealers. Based on the information received, registers of counterparties with various risk levels are formed.

Some services are engaged in providing such information for money, since their clients essentially outsource the implementation of the AML policy. Using the services of third parties, depending on the specifics of the legislation, the requested data and the private approaches of analytical companies, you can find out the client’s credit history, how regularly he pays taxes, the type of activity, the origin of finances, etc.

In the field of blockchain and cryptocurrency, the situation with the implementation of AML policies and KYC methods is as follows. On the one hand, it is quite problematic to determine who is behind a particular transaction, given the sophistication of criminals who forge documents, steal the personal wallets of ordinary users and constantly improve illegal ways to extract profit. On the other hand, it is not always necessary to determine the specific account owner, while it is enough to analyze the history of transactions with this wallet/accounts, the range of its connections, as well as the degree of “purity” of the cryptocurrency that it uses. This is the uniqueness of the implemented approaches to countering money laundering. Companies that are engaged in such investigations should carefully study the transaction history of all tracked accounts and pay attention to small things that at first glance seem insignificant. Their activities are extremely popular, as the crypto market shows dynamic growth, and the number of transactions is growing every day.

For example, we can note that the largest cryptocurrency exchange Binance has seriously decided to find a way to prevent financial fraud on its platform. In 2019, Binance entered into a partnership with Coinfirm and integrated their AML and Analytics Platform allowing Binance to fulfill . Coinfrm implements KYC algorithms, conducts a comprehensive Due Diligence procedure, tracks all assets being moved in real time, and forms its own database. Relying on which, even at the stage of initial analysis, you can approximately find out the degree of trust in the counterparty.

“With new and more expansive AML and regulatory standards being put in place across the globe and governmental bodies such as the FATF placing new rules on the market in order to ensure sustainable growth of the market, we are looking forward to our collaboration with Coinfirm,”said Samuel Lim, Chief Compliance Officer of the world’s largest cryptocurrency exchange, Binance.

“We trust that Coinfirm and its leading solutions will help us and the industry evolve in a fast-changing and developing market while allowing for comprehensive and institutional growth in a compliant and safe manner.”

Thus, the KYC AML solutions finds application both in the traditional banking sector and in the rapidly developing blockchain sphere, with many pitfalls that cryptocurrencies conceal. To sum up, we would like to note that AML is not only a regulatory requirements to “know your customer”. This is a permanent process of monitoring, analysis, and instant reaction to any suspicious transactions made with accounts and assets. Financial institutions need to be proactive and implement a risk-based approach. If it is not possible to carry out Anti-Money Laundering policy, implement CDD and EDD protocols within the KYC procedure, then the management of such a company should decide to outsource this process. Such a step will definitely pay off: it will attract honest users, and scammers will not be able to run rampant with impunity.

In addition to the benefits for individual financial institutions, the introduction of AML tools is revitalizing the crypto asset market. If at least the Know Your Customer procedure is implemented, the degree of trust in relation to cryptocurrencies on the part of national governments will significantly increase. This, in turn, is likely to entail a number of positive steps on the part of states to regulate the cryptocurrency sphere.

Are there any disadvantages in implementing tools to combat illegal financial transactions? It is obvious that they should be, and the main one is the encroachment by the authorities and private companies on the anonymity of users. Some people will see this as a threat to their financial security, because assets that are not controlled by governments are to a certain extent protected from defaults and other “charms” of state regulation. Experience shows that any sphere should be regulated to some extent by legislative acts and general principles. The AML policy should be used as general principles, but users should be sure that their rights are reserved from third-party attacks.